Lucene search
Veracode Vulnerability DatabaseVERACODE:21956HistoryNov 15, 2019 - 3:08 a.m.
Directory Traversal
2019-11-1503:08:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.003 Low
EPSS
Percentile
68.5%
rack-cors is vulnerable to directory traversal. The vulnerability exists as it does not escape nor resolve the path before evaluating the resource rules, allowing access to files outside the /public folder.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rack-cors | le | 1.0.3 | |
| ruby-rack-cors:xenial | eq | 0.4.0 | |
| ruby-rack-cors:stretch | eq | 0.4.0-1+deb9u1 |
References
Related
nessus
nessus
Debian DLA-2389-1 : ruby-rack-cors security update
2020-10-05 00:00:00
Ubuntu 16.04 LTS : rack-cors vulnerability (USN-4571-1)
2020-10-05 00:00:00
Debian DLA-2096-1 : ruby-rack-cors security update
2020-02-07 00:00:00
debian
debian
[SECURITY] [DSA 4918-1] ruby-rack-cors security update
2021-05-18 14:42:40
[SECURITY] [DLA 2096-1] ruby-rack-cors security update
2020-02-06 07:31:50
[SECURITY] [DSA 4918-1] ruby-rack-cors security update
2021-05-18 14:42:40
openvas
openvas
Debian: Security Advisory (DSA-4918-1)
2021-05-19 00:00:00
Debian: Security Advisory (DLA-2389-1)
2020-10-02 00:00:00
Ubuntu: Security Advisory (USN-4571-1)
2020-10-06 00:00:00
cve
cve
CVE-2019-18978
2019-11-14 21:15:12
ubuntucve
ubuntucve
CVE-2019-18978
2019-11-14 00:00:00
osv
osv
ruby-rack-cors - security update
2020-10-01 00:00:00
ruby-rack-cors - security update
2020-02-06 00:00:00
ruby-rack-cors - security update
2021-05-18 00:00:00
nvd
nvd
CVE-2019-18978
2019-11-14 21:15:12
github
github
The rack-cors rubygem may allow directory traveral
2019-11-15 20:26:59
ubuntu
ubuntu
rack-cors vulnerability
2020-10-05 00:00:00
debiancve
debiancve
CVE-2019-18978
2019-11-14 21:15:12
prion
prion
Directory traversal
2019-11-14 21:15:00
cvelist
cvelist
CVE-2019-18978
2019-11-14 20:21:24
freebsd
freebsd
Gitlab -- Multiple Vulnerabilities
2020-01-30 00:00:00